An approach for testing the krb5 KDC, fixes for UPN support
abartlet at samba.org
Mon Jan 5 17:38:02 MST 2015
Just a heads-up that I'm looking at how to test the Samba KDC, more than
just by the side-effects it shows in the krb5 libraries.
I realise this has serious portability constraints to the MIT codebase,
but I think this is still worthwhile as a tool for verification.
I'm doing this because I need a basis to then implement good tests
around the correct behaviour with regards to the canonicalize flag and
enterprise principal names, for fixing our enterprise UPN support,
The fixes I have for UPN support are here:
However, the back-ported Heimdal patches break our RODC, and while
Garming has done a great job finding the problem, it prompted me to
start on a much better testsuite.
We should also have some canned windows requests to assert responses to
(with fixed up passwords/times).
I'll post this again to the list when we have some more tests written.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical